Information Disclosure in IBM HTTP Server on AS/400
CVE-2002-1822

Currently unrated

Key Information:

Vendor: IBM
Status: Http Server
Vendor: CVE Published:; 31 December 2002

Summary

The IBM HTTP Server 1.0 running on AS/400 is susceptible to an information disclosure vulnerability that allows remote attackers to expose the web root directory path and additional sensitive data. This information is inadvertently revealed through error messages triggered by requests for non-existent Java Server Pages (JSP), posing a security risk to the server's integrity and confidentiality. Administrators are advised to review server configurations to mitigate potential exposure.

References

http://www.iss.net/security_center/static/10628.php

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6181

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=103726020802411&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
Jun 29, 2005
Vulnerability published
Dec 31, 2002